2 min
Metasploit
How to Avoid Common Mistakes in your Metasploit Community/Pro License Key Request
As a result of export restrictions placed on Metasploit Community and Pro
trials, this year we have introduced some new systems to help process license
requests. We have received a lot of questions about this, and this post will
hopefully answer some of them for you. If you haven't read the original blog
post about the export controls
[/2015/06/05/availability-of-metasploit-community-metasploit-pro-trials-outside-us-canada]
, please take a moment to review the information there on the updates an
1 min
Metasploit
Metasploit Framework Tools Reorg
There are a wide variety of interesting and useful tools in the Metasploit
Framework. Many of these are available from the top-level of Metasploit in the
form of modules and library code. You can find countless tutorials and blogs
about how to put msfconsole, msfvenom and other top-level commands to good use.
However, not many people know about the 'tools' directory, which contains many
useful, single-purpose scripts, with topics spanning from exploit development to
statistics.
One of the probl
4 min
Metasploit
New Metasploit Tools to Collect Microsoft Patches
Patch testing and analysis are important parts in vulnerability research and
exploit development. One popular reason is people would try this technique to
rediscover patched bugs, or find ways to keep an 0day alive in case the fix in
place is inadequate. The same process is also used to find the range of builds
affected by a vulnerability, which tends to be useful to predict the value of
the exploit, improving target coverage and reliability.
Going through Microsoft patches is no easy task, tho
2 min
Windows
Metasploit Framework Open Source Installers
Rapid7 has long supplied universal Metasploit installers for Linux and Windows.
These installers contain both the open source Metasploit Framework as well as
commercial extensions, which include a graphical user interface, metamodules,
wizards, social engineering tools and integration with other Rapid7 tools. While
these features are very useful, we recognized that they are not for everyone.
According to our recent survey of Metasploit Community users, most only used it
for the open source comp
6 min
Metasploit
Flipping Bits in the Windows Kernel
Recently, the MS15-061 bulletin has received some attention. This security
bulletin includes patches for several Windows Kernel vulnerabilities, mainly
related to win32k.sys. Details of one of them, discovered by Udi Yavo, have been
very well covered.
First, the same Udi Yavo published details about the Use After Free on a blog
entry. Later, Dominic Wang [https://twitter.com/d0mzw] wrote a even more
detailed analysis of both the vulnerability and its exploitation on this paper.
Finally, Meysam
20 min
Metasploit
A Debugging Session in the Kernel
Last week, an awesome paper
[https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2015/september/exploiting-cve-2015-2426-and-how-i-ported-it-to-a-recent-windows-8.1-64-bit/]
about the MS15-078 vulnerability and it's exploitation was published by Cedric
Halbronn [https://twitter.com/saidelike]. This vulnerability, originally found
and exploited by Eugene Ching [https://twitter.com/eugeii], already has a
work-in-progress module in Metasploit, which you can follow on github
[https://
13 min
Metasploit
Using Reflective DLL Injection to exploit IE Elevation Policies
As you are probably aware, sandbox bypasses are becoming a MUST when exploiting
desktop applications such as Internet Explorer. One interesting class of sandbox
bypasses abuse IE's Elevation Policies. An example of this type of sandbox
bypass is CVE-2015-0016
[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0016]. The
vulnerability has already been analyzed by Henry Li, who published a complete
description in this blog entry
[http://blog.trendmicro.com/trendlabs-security-intelligence/
1 min
Metasploit
Metasploit on Kali Linux 2.0
As you are aware, Kali 2.0
[https://www.kali.org/releases/kali-linux-20-released/] has been released this
week and getting quite a bit of attention, as it should. Folks behind Kali have
worked really hard to bring you the new version of Kali Linux that everyone is
excited about. If you have already started to play with the new version, you
probably have realized that something is different, that is; Metasploit
Community / Pro is no longer installed by default.
Where is Metasploit Community / Pr
3 min
Metasploit
Metasploit Local Exploit Suggester: Do Less, Get More!
Meet Lester, the Exploit Suggester
Hey there, my name is Mo ( Mohamed Sadek [https://github.com/MSadek-r7] ). I am
currently an intern at Rapid7, working with the Metasploit team in Austin. After
some research, testing, and more than a few energy drinks, sinn3r (sinn3r
[https://twitter.com/_sinn3r] ) and I have authored the first version of the
Metasploit Local Exploit Suggester, or Lester for short. Lester is a post module
that you can use to check a system for local vulnerabilities, using the
6 min
Metasploit
Interning at Rapid7: A "git push" in the Right Direction
How I Got Here
Hey there! My name is Mo. I'm currently an intern here at Rapid7 working in the
Austin office as part of the Metasploit team. If you came here expecting a deep
understanding of Metasploit, this blog post isn't the right place. If you ARE
interested in knowing what it's like to being a small town college student
working at a leading firm in security engineering, then keep reading!
Everyone used to tell me that every mistake and failure was a push in the right
direction, but that
8 min
Metasploit
Wassenaar Arrangement - Frequently Asked Questions
The purpose of this post is to help answer questions about the Wassenaar
Arrangement. You can find the US proposal for implementing the Arrangement here
[https://s3.amazonaws.com/public-inspection.federalregister.gov/2015-11642.pdf],
and an accompanying FAQ from the Bureau of Industry and Security (BIS) here
[http://www.bis.doc.gov/index.php/policy-guidance/faqs#subcat200]. For Rapid7's
take on Wassenaar, and information on the comments we intend to submit to BIS,
please read this companion pie
2 min
Metasploit
Metasploit Framework Rails 4.0 Upgrade
It is always a running battle to keep an application's backend up to date with
various technologies. Today, we are excited to announce that Metasploit
Framework [https://www.metasploit.com/download/] now ships with Rails 4.0.
Upgrades like this are sometimes hard to get excited about because if everything
goes well, users should see no difference. There are many reasons to upgrade to
Rails 4, though.
Why Upgrade
Here are the important reasons to upgrade from our perspective:
* Security is a b
1 min
Metasploit
2015 Metasploit T-Shirt Design Contest: It's On!
Hacker-designers! We need you! Show us your graphic skills, design an epic
Metasploit t-shirt, and win Eternal Fame and Glory!
[https://99designs.com/t-shirt-design/contests/metasploit-t-shirt-design-contest-489841/brief]
Ahem, er, rather, we're looking for someone to design this year's Metasploit
t-shirt.
And if you are this year's winning Metasploit t-shirt designer, you will get
$230USD and the notoriety and/or immense personal satisfaction in knowing that
you're the 2015 Metasploit t-shi
5 min
Metasploit
Unicode Support in Meterpreter
A short, mostly-accurate history of character encodings
In the beginning, when you wanted to use a computer to store text, there were
not many options - you inherited something from punchcards like EBCDIC or
invented something convenient and unique to your system. Computers did not need
to talk to each other, so there was not much point in standardizing between
vendors. Things were pretty simple.
Then, there came the need for computers and vendors to interoperate and
communicate. Thus, ASCII an
8 min
Metasploit
Meterpreter Survey 2015: You spoke, we listened, then wrote a bunch of code.
The Survey
One month ago we asked the community for feedback about how they use Metasploit
and what they want to see in the Meterpreter payload suite going forward. Over
the course of a week we received over 400 responses and over 200 write-in
suggestions for new features. We have spent the last month parsing through your
responses, identifying dependencies, and actively delivering new features based
on your requests. These requests covered 20 different categories:
General Feedback Metasploit F